Systems and methods for preventing session fixation over a domain portal
US10454672B2 · kind B2 · utility
Assignee
Inventors
Key dates
| Filing date | May 25, 2017 |
| Grant date | Oct 22, 2019 |
| Priority date | — |
| Expiry date | Apr 21, 2038 |
Classification
- Technology area (CPC H)Electricity
- CPC primaryH04L63/14
- WIPO fieldDigital communication
- WIPO sectorElectrical engineering
Abstract
In one embodiment, a method includes a system receiving a request from a user's device, the request being directed to a first host. The system may generate a key, a verification token, and an encrypted key. The system may transmit the verification token and the encrypted key to the device from the first host, and transmit instructions configured to cause (1) the verification token to be stored as a cookie associated with the first host, and (2) the device to transmit the encrypted key to a second host. The system may receive a second request comprising the encrypted key from the device, and decrypt it to obtain the key upon determining that the encrypted key was not previously decrypted. The system may transmit the key to the device from the second host, and instruct the device to store the key as a cookie associated with the second host.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.